Mon May 18 14:20:47 2020 UTC ()

mail/dovecot2: update to 2.3.10.1

Update dovecot2 to 2.3.10.1.

v2.3.10.1  2020-05-18  Aki Tuomi <aki.tuomi@open-xchange.com>

- CVE-2020-10957: lmtp/submission: A client can crash the server by
  sending a NOOP command with an invalid string parameter. This occurs
  particularly for a parameter that doesn't start with a double quote.
  This applies to all SMTP services, including submission-login, which
  makes it possible to crash the submission service without
  authentication.
- CVE-2020-10958: lmtp/submission: Sending many invalid or unknown
  commands can cause the server to access freed memory, which can lead
  to a server crash. This happens when the server closes the connection
  with a "421 Too many invalid commands" error. The bad command limit
  depends on the service (lmtp or submission) and varies between 10 to
  20 bad commands.
- CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an
  address that has the empty quoted string as local-part causes the lmtp
  service to crash.


(taca)

diff -r1.39 -r1.40 pkgsrc/mail/dovecot2/Makefile.common
diff -r1.103 -r1.104 pkgsrc/mail/dovecot2/distinfo
diff -r1.20 -r1.21 pkgsrc/mail/dovecot2-sqlite/Makefile

--- pkgsrc/mail/dovecot2/Makefile.common 2020/03/15 22:52:04 1.39
+++ pkgsrc/mail/dovecot2/Makefile.common 2020/05/18 14:20:46 1.40

 @@ -1,29 +1,29 @@
-# $NetBSD: Makefile.common,v 1.39 2020/03/15 22:52:04 adam Exp $
+# $NetBSD: Makefile.common,v 1.40 2020/05/18 14:20:46 taca Exp $
+#
 # when updating to a new release, update ABI depends in
 # the buildlink3.mk file as well, since the plugins' version
 # must match (see PR 49563).
+#
 # used by mail/dovecot2/Makefile
 # used by mail/dovecot2-gssapi/Makefile
 # used by mail/dovecot2-ldap/Makefile
 # used by mail/dovecot2-mysql/Makefile
 # used by mail/dovecot2-pgsql/Makefile
 # used by mail/dovecot2-sqlite/Makefile
-DISTNAME=	dovecot-2.3.10
+DISTNAME=	dovecot-2.3.10.1
 CATEGORIES=	mail
-MASTER_SITES=	https://dovecot.org/releases/${PKGVERSION_NOREV:R}/
+MASTER_SITES=	https://dovecot.org/releases/${PKGVERSION_NOREV:R:R}/
 MAINTAINER=	adam@NetBSD.org
 HOMEPAGE=	https://www.dovecot.org/
 COMMENT=	Secure IMAP and POP3 server
 LICENSE=	mit AND gnu-lgpl-v2.1 AND modified-bsd
 DISTINFO_FILE=	${.CURDIR}/../../mail/dovecot2/distinfo
 PATCHDIR=	${.CURDIR}/../../mail/dovecot2/patches
 USE_LIBTOOL=		yes
 USE_TOOLS+=		gmake pkg-config rpcgen bash:run
 GNU_CONFIGURE=		yes

--- pkgsrc/mail/dovecot2/distinfo 2020/03/15 22:52:04 1.103
+++ pkgsrc/mail/dovecot2/distinfo 2020/05/18 14:20:46 1.104

 @@ -1,14 +1,14 @@
-$NetBSD: distinfo,v 1.103 2020/03/15 22:52:04 adam Exp $
+$NetBSD: distinfo,v 1.104 2020/05/18 14:20:46 taca Exp $
-SHA1 (dovecot-2.3.10.tar.gz) = cf0d572b640bec519c3c771716d0b32148dc2bd4
+SHA1 (dovecot-2.3.10.1.tar.gz) = d8afa71f3a7a2c2e406745ff43057ae94ed23871
-RMD160 (dovecot-2.3.10.tar.gz) = c4892cc02b7a414a23a03c6adb03acc115c0796b
+RMD160 (dovecot-2.3.10.1.tar.gz) = f68993644d14c4bae321e2525fb6c885724d8ebd
-SHA512 (dovecot-2.3.10.tar.gz) = 73e10d7d1e616d6599eb53f2d2d1ac0f0f2e6e84019faac5cd525e833da44839a7e483635b61d432e3254a9e5f6f90915bec8940c584210341085241949dffa2
+SHA512 (dovecot-2.3.10.1.tar.gz) = 5c07436a3e861993f241caa2c60f035c533c5fceb5c8540c1717d31bedd54b82299f7ea11bfee12c72d4d33985d93a7130c4f56877864a7ad21cf7373a29cc06
-Size (dovecot-2.3.10.tar.gz) = 7222241 bytes
+Size (dovecot-2.3.10.1.tar.gz) = 7226958 bytes
 SHA1 (patch-aa) = 3af01aa4a8cea1a3fb840b6243a744de77069611
 SHA1 (patch-ab) = 9db15fd853ba47ef4bf04f2adc9ab24f71ee4d1e
 SHA1 (patch-ae) = c795585df9f415ceabb28eec1ff691ee26168d3b
 SHA1 (patch-af) = c066e94dd6593d16eec3e66f5f4d26f021918498
 SHA1 (patch-src_imap_imap-client.h) = 1a2bf95ab6af57d88862a1512624bf263f4c2ce7
 SHA1 (patch-src_lib-ldap_ldap-private.h) = 2d5ce32330ad4164cc75f8d209ba499d37ed01fc
 SHA1 (patch-src_lib_connection.h) = c147511f4ff50e4b5a048c3a363f0af90ee4c6ad
 SHA1 (patch-src_old-stats_mail-stats.h) = 0d40c618445c089af2646a6864c3e909812282af

--- pkgsrc/mail/dovecot2-sqlite/Makefile 2020/04/12 08:28:56 1.20
+++ pkgsrc/mail/dovecot2-sqlite/Makefile 2020/05/18 14:20:46 1.21

 @@ -1,16 +1,15 @@
-# $NetBSD: Makefile,v 1.20 2020/04/12 08:28:56 adam Exp $
+# $NetBSD: Makefile,v 1.21 2020/05/18 14:20:46 taca Exp $
 PKGREVISION= 1
 .include "../../mail/dovecot2/Makefile.common"
 PKGNAME=	${DISTNAME:S/dovecot/dovecot-sqlite/}
 COMMENT+=	(SQLite plugin)
 CONFIGURE_ARGS+=	--with-sql=plugin
 CONFIGURE_ARGS+=	--with-sqlite
 INSTALLATION_DIRS+=	lib/dovecot/auth lib/dovecot/dict
 do-install:
 	cd ${WRKSRC} && ${LIBTOOL} --mode=install ${INSTALL_LIB} 	\
 		src/lib-sql/libdriver_sqlite.la 			\